Windows 7 Seminar - Acend Corporate Learning

1,044 views

Published on

Microsoft Windows 7 Seminar hosted by Acend Corporate Learning in Toronto on March 3, 2011

Published in: Education, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,044
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
15
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • XP – Users ran as admin
  • After video, demo UAC kick-in by trying to change time.
  • Show this from - Action Center, or - User Accounts
  • Contrast with EFS Discuss difficulty in implementing in Vista (especially after install)
  • TPM – stores keys and info about startup environment - Using a USB key requires a BIOS that supports USB prior to OS launch
  • You can force recovery if you lose your USB key or forget your pin
  • Through group policy you can require and removable drive to be encrytped.
  • Demo BTG with red thumb drive
  • SRP – problem: you had an almost unlimited number of programs to disable
  • Internet zone rules deal with MSI files
  • Demo - default executable rules - manual rule (deny access to Word) - enforcement - reboot and test - if fails, make sure App Identity service running
  • Users had to VPN – could be slow to go thru the connect process If a user gets a link to a doc in an email (that points to a network resource) they can’t access it unless vpn’d in If asked: firewalls must support edge traversal
  • Users had to VPN – could be slow to go thru the connect process If a user gets a link to a doc in an email (that points to a network resource) they can’t access it unless vpn’d in If asked: firewalls must support edge traversal
  • IP6 transition technologies: Teredo, ISATAP, 6to4
  • Search for “Record steps…” Change user picture.
  • Search CPU
  • Taskbar - icons (running apps vs quicklaunch) - thumbnails - jump lists - pin app to taskbar - pin folder to taskbar (drag to Win Expl icon; shows up in jump list) System Tray - config icons and notifications Visibility - show desktop - aero shake - tile two windows For wide screens - move taskbar to side of screen -
  • Taskbar - icons (running apps vs quicklaunch) - thumbnails - jump lists - pin app to taskbar - pin folder to taskbar (drag to Win Expl icon; shows up in jump list) System Tray - config icons and notifications Visibility - show desktop - aero shake - tile two windows For wide screens - move taskbar to side of screen -
  • Windows 7 Seminar - Acend Corporate Learning

    1. 1. Unlock Hidden Potential: What’s New in Windows ® 7
    2. 2. Clinic Outline <ul><li>Session 1: Security Features </li></ul><ul><li>Session 2: Networking Functionality </li></ul><ul><li>Session 3: Other New Features </li></ul>
    3. 3. Security Features <ul><li>User Account Control changes </li></ul><ul><li>Windows BitLocker™ and Windows BitLocker To Go™ </li></ul><ul><li>Windows AppLocker™ </li></ul>
    4. 4. User Account Control Changes <ul><li>What is User Account Control? </li></ul><ul><ul><li>A bunch of functions that help make your computer remain secure. </li></ul></ul><ul><li>Note: Administrators should still have admin and user accounts. </li></ul>
    5. 5. User Account Control Changes Remember this???
    6. 6. User Account Control Changes <ul><li>Many actions no longer require administrative privileges, so UAC doesn’t kick in: </li></ul><ul><ul><li>Changing time zone </li></ul></ul><ul><ul><li>renewing IP address </li></ul></ul><ul><ul><li>viewing firewall settings </li></ul></ul><ul><ul><li>changing display dpi </li></ul></ul>
    7. 7. User Account Control Changes (cont’d) <ul><li>More easily managed locally (with admin priv.) </li></ul><ul><li>More options than before </li></ul>
    8. 8. User Account Control Changes (cont’d) <ul><li>More granular configuration available through Group Policy </li></ul>
    9. 9. BitLocker <ul><li>Available in Enterprise and Ultimate editions </li></ul><ul><li>Same functionality as in Vista, but easier to implement </li></ul><ul><li>Requires two partitions – 100MB hidden partition created at install </li></ul>
    10. 10. BitLocker (cont’d) <ul><li>Security provided through: </li></ul><ul><ul><li>Trusted Platform Module (TPM) </li></ul></ul><ul><ul><li>TPM + PIN </li></ul></ul><ul><ul><li>TPM + PIN + USB Key </li></ul></ul><ul><ul><li>TPM + USB Key </li></ul></ul><ul><ul><li>USB Key </li></ul></ul>
    11. 11. BitLocker (cont’d) <ul><li>With TPM, enabling is through Rt-Click </li></ul><ul><li>Without TPM, Local Security Policy must be edited </li></ul><ul><li>Windows 7 provides support for Data Recovery Agent(s) </li></ul>
    12. 12. BitLocker (cont’d) <ul><li>Recovery password created when BitLocker enabled </li></ul><ul><ul><li>Saved </li></ul></ul><ul><ul><li>Printed </li></ul></ul><ul><ul><li>Stored in Active Directory </li></ul></ul><ul><li>Computer goes into recovery mode if: </li></ul><ul><ul><li>The TPM is missing or changed </li></ul></ul><ul><ul><li>There are changes to startup files </li></ul></ul><ul><ul><li>Computer is booted from a CD or DVD </li></ul></ul>
    13. 13. BitLocker To Go <ul><li>Available in Enterprise and Ultimate editions </li></ul><ul><li>Allows you to encrypt removable drives </li></ul><ul><ul><li>USB/Firewire/SATA HDDs </li></ul></ul><ul><ul><li>Solid state drives like USB thumb drives </li></ul></ul><ul><li>When you enable BTG, four things happen: </li></ul><ul><ul><li>You are prompted to create a password that will be used to unlock the drive </li></ul></ul><ul><ul><li>You will choose to save or print your recovery password </li></ul></ul><ul><ul><li>A “BitLocker to Go Reader” is copied to the drive (FAT drives only) </li></ul></ul><ul><ul><li>The drive is encrypted </li></ul></ul>
    14. 14. BitLocker To Go (cont’d) <ul><li>Using a BTG-encrypted drive in Windows 7 </li></ul><ul><ul><li>Prompted for password </li></ul></ul><ul><ul><li>Read/write access </li></ul></ul><ul><li>Using a BTG-encrypted drive in Vista or XP </li></ul><ul><ul><li>Autoplay displays a prompt to install the “BitLocker to Go Reader” </li></ul></ul><ul><ul><li>You are prompted for the password </li></ul></ul><ul><ul><li>You copy files to the local hard drive </li></ul></ul><ul><ul><li>You cannot open files directly from the BTG-encrypted drive, and you only have read access </li></ul></ul><ul><ul><li>To use BTG with Vista or XP, drive must be formatted with FAT file system </li></ul></ul>
    15. 15. AppLocker <ul><li>New version of Software Restriction Policies </li></ul><ul><li>Much simpler implementation </li></ul><ul><ul><li>Rules define what *can* run – all others are blocked </li></ul></ul><ul><ul><li>You can auto-create rules for all programs on a “reference machine” </li></ul></ul><ul><ul><li>You can then manually create rules for new applications </li></ul></ul>
    16. 16. AppLocker (cont’d) <ul><li>Three types of rules: </li></ul><ul><ul><li>Executable rules (exe, com, etc) </li></ul></ul><ul><ul><li>Windows Installer rules (msi, msp) </li></ul></ul><ul><ul><li>Script rules (bat, cmd, vbs, etc) </li></ul></ul><ul><li>“ Default Rules” allow: </li></ul><ul><ul><li>Everyone access to programs in Program Files </li></ul></ul><ul><ul><li>Everyone access to programs in Windows </li></ul></ul><ul><ul><li>Administrators access to programs everywhere </li></ul></ul>
    17. 17. AppLocker (cont’d) <ul><li>An “audit only” mode allows administrators to see what apps would be affected by an AppLocker rule before enforcing the rules </li></ul><ul><li>Critical Points: </li></ul><ul><ul><li>You must create the default rules first, because one “allow” rule will deny all others </li></ul></ul><ul><ul><li>The Application Identity service must be running on the client </li></ul></ul><ul><ul><li>A user with administrative privileges can circumvent the rules </li></ul></ul><ul><ul><li>Vista and XP clients ignore AppLocker </li></ul></ul><ul><ul><li>Windows 7 clients ignore Software Restriction Policies if they are in the same GPO as an AppLocker rule </li></ul></ul>
    18. 18. Networking Functionality <ul><li>Windows DirectAccess </li></ul><ul><li>Windows BranchCache™ </li></ul>
    19. 19. DirectAccess <ul><li>Technology that allows users to access the corporate network without a VPN connection </li></ul><ul><li>Transparently connects whenever the user connects to the Internet </li></ul><ul><li>Bi-Directional </li></ul><ul><ul><li>Users get access to the corporate network </li></ul></ul><ul><ul><li>IT can manage the remote computer </li></ul></ul><ul><ul><ul><li>NAP health policies </li></ul></ul></ul><ul><ul><ul><li>Patches </li></ul></ul></ul>
    20. 20. DirectAccess
    21. 21. DirectAccess (cont’d) <ul><li>Can be configured to be: </li></ul><ul><ul><li>Network wide </li></ul></ul><ul><ul><li>Restricted to specific resources </li></ul></ul><ul><li>Communication is via IPv6 over IPSec (possibly tunneled through IPv4) </li></ul><ul><li>Integrates with NAP to ensure computers are healthy before connecting </li></ul>
    22. 22. DirectAccess (cont’d) <ul><li>Hardware/Software requirements: </li></ul><ul><ul><li>At least one DirectAccess server running 2008 R2 with two NICs </li></ul></ul><ul><ul><li>At least one DC and DNS server running 2008 or 2008 R2 </li></ul></ul><ul><ul><li>A PKI </li></ul></ul><ul><ul><li>Defined IPSec policies </li></ul></ul><ul><ul><li>IPv6 transition technologies </li></ul></ul><ul><ul><li>Windows 7 Enterprise or WS08R2 on the client </li></ul></ul>
    23. 23. BranchCache <ul><li>Branches often connected via slow links – resource access can be slow </li></ul><ul><li>BranchCache helps resolve issue by caching data in the branch office (encrypted) </li></ul><ul><li>Can be implemented in two modes: </li></ul><ul><ul><li>Distributed caching </li></ul></ul><ul><ul><li>Hosted caching </li></ul></ul>
    24. 24. BranchCache (cont’d)
    25. 25. BranchCache (cont’d) <ul><li>When accessing data for the first time the computer </li></ul><ul><ul><li>Downloads the data from the corp site </li></ul></ul><ul><ul><li>Copies the data (if necessary) to the hosted cache </li></ul></ul>
    26. 26. BranchCache (cont’d) <ul><li>When a second user accesses the same data, the computer: </li></ul><ul><ul><li>Contacts server in corp site to confirm user is authorized and downloads an identifier and a hash of the data </li></ul></ul><ul><ul><li>Checks the branch cache for the identifier and, if found, checks the hash against the cached copy </li></ul></ul><ul><ul><li>If the identifier is not found or the hashes don’t match (file has changed), downloads the data from the main site </li></ul></ul>
    27. 27. BranchCache (cont’d) <ul><li>Note: BranchCache only works for reads. Any writes are saved to the main site </li></ul><ul><li>Requirements: </li></ul><ul><ul><li>Content servers in main site must be 2008 R2 with BranchCache enabled </li></ul></ul><ul><ul><li>A 2008 R2 server in the branch site if using Hosted Cache, with BranchCache enabled </li></ul></ul><ul><ul><li>Windows 7 Enterprise clients with BranchCache enabled </li></ul></ul>
    28. 28. Other New Features <ul><li>Libraries </li></ul><ul><li>Problem Steps Recorder </li></ul><ul><li>Start/Search Button </li></ul><ul><li>Interface Enhancements </li></ul>
    29. 29. Libraries <ul><li>Views that help users manage data in: </li></ul><ul><ul><li>Shared folders </li></ul></ul><ul><ul><li>Document repositories </li></ul></ul><ul><ul><li>Web sites </li></ul></ul><ul><li>Adding web sites or document repositories to a Library requires a connector </li></ul><ul><li>Libraries can be shared on the network </li></ul>
    30. 30. Problem Steps Recorder <ul><li>Helps administrators recreate the steps that led to a problem for the user </li></ul><ul><li>Creates screen captures and descriptions of every action a user takes </li></ul><ul><li>Saves the captures in a .zip file viewable in browser </li></ul><ul><li>Great for documenting configurations </li></ul>
    31. 31. Start Search Button <ul><li>Super timesaver </li></ul><ul><li>Lists files, folders, programs, email addresses, address book entries, calendar appointments, pictures, movies, .pdf documents, music files, browser bookmarks and MS Office documents </li></ul><ul><li>Smart – not just a word search </li></ul><ul><li>Results more complete and faster if indexing is enabled </li></ul>
    32. 32. Interface Enhancements <ul><li>Windows 7 provides dozens of obvious or subtle interface improvements that: </li></ul><ul><ul><li>Add functionality </li></ul></ul><ul><ul><li>Improve efficiency </li></ul></ul><ul><ul><li>Make working with Windows more pleasant </li></ul></ul>
    33. 33. The End <ul><li>Questions? </li></ul>

    ×